"[The error messages] should serve as a clear warning to site owners that their site has been compromised," Mary Landesman, senior security researcher at ScanSafe, told SCMagazineUS.com on Friday.
She recommended website administrators properly secure their sites before bringing them back online.
The buggy code comes with one benefit: It is preventing some compromised sites from serving the malicious content and infecting visitors, Sinegubko said.
"[But] in thousands of other cases, the error doesn't occur and those backdoored sites continue to act as malware hosts,” Landesman said.So-called Gumblar attacks first caused a stir in May after it was discovered that thousands of legitimate sites had been injected with malicious code that causes visitors to be infected with a family of trojans. The attack was named Gumblar after the domain, Gumblar.cn, which initially hosted the malware.
Landesman said she is unsure how many Gumblar-infected sites currently exist, though they may number in the hundreds of thousands.
If a user's PC becomes infected, the malware causes the browser to redirect Google search results. It also steals FTP credentials used by webmasters, Landesman said. Once the attacker has those credentials, the victim site is infected with a backdoor that enables attackers to get back in whenever they want -- even if a website administrator resets the FTP credentials.